Microsoft released September 2018 patch fixes 61 vulnerabilities

Microsoft released the September patch yesterday, fixing 61 vulnerabilities. Among these, 17 were identified as critical vulnerabilities, 43 were critical vulnerabilities, and 1 was a medium critical vulnerability. This update honors the last official commitment to fix a scheduled 0-day vulnerability announced by a security researcher on Twitter recently (this vulnerability has been fixed by a third-party security patch). The vulnerabilities are the same as before, involving Microsoft mainstream products, including Edge, Windows, IE, Office, .NET Framework and so on.

4 vulnerabilities have been disclosed before, which are still possible of being exploited
CVE-2018-8475 Windows Remote Code Execution Vulnerability affects all Windows versions (including Windows 10), which could allow an attacker to create a malicious image file that would execute code when opened. Due to the way it is used, there may be a lot of phishing attacks in the future that will exploit this vulnerability.

CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability is released by a security researcher on Twitter recently. It allows attackers to implement privilege elevation. PoC has been released on Github, and third-party security patches and solutions are released in a timely manner.

CVE-2018-8409 System.IO.Pipelines DoS Vulnerability is a vulnerability in ASP,NET that causes a denial of service when System.IO.Pipelines handles an error, and attackers can remotely trigger this vulnerability in an unauthorized state.

Other vulnerabilities need to be addressed
Talos and ZDI summarize the critical vulnerabilities that currently need to be addressed immediately, in addition to the above vulnerabilities:

CVE-2018-0965/8439 Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability in Windows Hyper-V. It would allow attackers to craft a malicious application that could escape the guest virtual machine and execute commands on the host machine.

CVE-2018-8461/8447 Internet Explorer Memory Corruption Vulnerability is a vulnerability in Internet Explorer 11 that would allow a malicious web site to perform remote code execution.
CVE-2018-8332 Win32k Graphics Remote Code Execution Vulnerability affects all Windows versions from Windows 10 through Windows Server that could allow an attacker to create a malicious font, which when viewed could cause remote code execution.

CVE-2018-8391 Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability for the Chakra scripting engine that can only be exploited by attackers when the user is logged in as an administrator.